Thc Hydra Brute force cookies/session (Header)

Pytania dla zielonych dotyczące bezpieczeństwa.
AnnonymusPlayer
Posty: 2
Rejestracja: 08 lut 2017, 13:22

Thc Hydra Brute force cookies/session (Header)

Post autor: AnnonymusPlayer »

I have a problem with using a dictionary in Thc Hydra for Header/Cookie parametr.

hydra IP -l mylogin -P /.../test.txt http-get-form "/index.php:login=^USER^&password=mypassword:S=You are logged in!:H=Cookie: token=^PASS^;" -V

That command is working, when I not using ^PASS^ for checking token. When I trying to use ^PASS^ in token, that is not working, even if I have a got right token in test.txt.

I really asking for, a brute force a just header/cookie! For example, I know my login and password, but lets sey I "forgot" my token cookie. How can I brute force with Dictionary the Cookie in Header?

I hope everyone will understand my question!

PS. I using that, only for my permission/personal checking!!!
ODPOWIEDZ